(57) Abstract: Method and apparatus for a distributed switching system supporting a plurality of services. A service request is
initiated by an initiating customer. The service request is then executed using, for example, a user-to-network interface setup. A
terminating setup is then performed to either accept or reject the requested service. Multiple service requests are correlated with
respective services to enable at least one appropriate policy and logic. Data related to the requested service is obtained using at least
one of a push procedure, a pull procedure, a query procedure, and a procedure in which requests are associated with the issuance of
certificates.
MULTISERVICE USE OF NETWORK CONNECTION CAPABILITY
UNDER USER-TO-NETWORK INTERFACE SIGNALING

BACKGROUND OF THE INVENTION 

1. Field Of The Invention 

The present invention is directed to a distributed switching system, such as, for example, 
a Multiservice Switching System based on, for example, frame, cell or packet switching, that
supports video, private line and data services. 

2. Discussion Of Background And Related Information

A Multiservice Switching System (MSS) comprises a distributed switching device 
designed to support plural forms of data, such as, but not limited to, for example, voice, computer 
data and video signals. Switching can be based on, for example, but not limited to, frame, cell,
or packet switching. Multiservice Switching Systems may use a broad range of access 
technologies, including, but not limited to, for example, time division multiplexing (TDM), digital 
subscriber lines (xDSL), wireless, and cable modems. 

In an ATM switched virtual circuit (SVC) service, a SVC customer can either initiate or
terminate a SVC service request via a user-to-network (UNI) interface. The SVC customer may
be, but is not limited to, for example, an individual subscriber, an enterprise network, an ISP, or
a peer network. Service policies define the capabilities and resources available to the customer. 
The service policies also determine whether a service request succeeds or fails. 

The amount of data being transmitted between locations has rapidly escalated. Voice 
networks (e.g., traditional telephone networks) are becoming overwhelmed by the rapidly 
increasing traffic flow. Further, it is costly to construct/expand such traditional telephone 
networks. As a result, companies are searching for ways to carry voice services over packet 
networks, and for removing data traffic from the voice networks. This has led to the development
of media gateways and media gateway controllers (referred to as distributed switches) that
separate the service intelligence from the associated hardware, and allow voice and data to be
carried over a packet network.

Conventional architectures do not permit the separation of a service controller from a
transport controller. For example, in a conventional ATM switch, a calling party uses the UNI
protocol to request an ATM SVC connection to another end system that is connected to the
network. This request is carried by a signaling channel to an ATM edge switch, which terminates
the UNI protocol and initiates a private network-network interface (PNNI) protocol to complete
a setup across the network to the edge switch that connects to the called party. The application
of policy and decision to reject or accept a call is determined solely by an on-board processor
within the switch. That is, service control is packaged into the switch. No standardized ATM
mechanism currently exists to utilize service control outside of the switch.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages of the invention will be apparent
from the following more particular description of preferred embodiments, as illustrated in the
accompanying drawings, which are presented as a non-limiting example, in which reference
characters refer to the same parts throughout the various views, and wherein:

Fig. 1 illustrates an example ATM SVC service that utilizes intelligence separate from
conventional ATM Switches that are useable with the present invention;

Fig. 2 illustrates a conventional ATM Edge Switch and conventional SVC Service 
Controller useable with the example ATM SVC service of Fig. 1; 

Fig. 3 illustrates a next generation ATM Edge Switch and SVC Service and Switch
Controller useable with the example ATM SVC service of Fig. 1;

Fig. 4 illustrates an operation chart for a push method performed in accordance with the 
instant invention; 

Fig. 5 illustrates an operation chart for a pull method and a query method performed in
accordance with the instant invention; and 
Fig. 6 illustrates an operation chart for a method using certificates performed in accordance
with the instant invention.

DETAILED DESCRIPTION OF EMBODIMENTS

Accordingly, an object of the current invention is to provide a mechanism whereby a
switch, such as, for example, an ATM switch, can access an external service control. In particular,
the present invention allows multiple network services to share a network connection capability
in such a way that a predetermined signal, such as, for example, UNI signaling, is interpreted via
service specific controls (such as, for example, data, policies and transformations) contained
within the network. This is achieved in a uniform manner, such that policies can be made globally
available in the network. Further, user policy can be applied independent of the manner in which
the user accesses the network.

According to an object of the present invention, a multiservice switching system has a 
switching device having predetermined functions with respect to a request for a predetermined 
service, a switch controller that has a bearer function and a virtual switch function in order to 







WO 02/12977 PCT/US01/2il31 

control the switching device, and a proxy device that contains service policies related to either
enabling or denying the predetermined service, in which multiple service requests are correlated
with respective services to enable at least one appropriate policy and logic. The switching device
and the switch controller may comprise a conventional switch, such as, for example, an ATM
Switch, or a next generation switch.

According to a feature of the invention, the multiservice switching system further
comprises a service controller. The service controller may include the switch controller.
Alternatively, the switching device may include the switch controller.

According to another object of the invention, a method is disclosed for switching plural
forms of data. A customer initiates a request for service. In response to the request,
predetermined data related to the requested service is obtained. If the requested service is
permitted, the initiating customer is instructed to initiate a setup, such as, for example, a UNI
setup, identifying the requested service. A PNNI protocol (setup) is completed across a network
in response to the UNI setup, and a second UNI setup is initiated to accept or reject the service
request, which is passed back to the initiating customer, wherein multiple service requests are
correlated with respective services to enable at least one appropriate policy and logic.

According to a feature of the invention, the data related to the requested service may be
obtained using at least one of a push procedure that pushes the predetermined data, a pull
procedure that pulls policy and/or logic (e.g., a program) representing at least one of service
capabilities and service permissions, a query (trigger) procedure that queries a service control
module, or a certificate procedure that specifies permitted setup parameters. The push (download)
procedure and the pull procedure push and pull, respectively, information into a Network
Connection Capability, which then makes a decision regarding a service. The query procedure
provides facts (e.g., policy and/or logic), and then the service makes a policy and/or logic
decision.

According to an advantage of the invention, the certificate may be encrypted. In addition,
a sequence number, that assists in preventing reuse of the certificate, may be assigned to the
encrypted certificate. By examining the sequence number assigned to the certificate, it is possible
to determine whether the sequence number (and thus, the certificate) was seen before. In addition
to the assignment of the sequence number (or instead of using the sequence number), the
certificate can be time-stamped and/or date-stamped. An examination of the time-stamp and/or
date-stamp (with or without the sequence number) assists in determining whether the certificate
is valid. If the time-stamp and/or date-stamp exceeds a predetermined delta value, the certificate
is determined to be invalid, and thus, the service request is denied.

A still further advantage of the invention resides in the encrypted certificate being able to 
identify which service allowed the setup. 

According to another object of the invention, a method for switching plural forms of data
is disclosed. The method comprises initiating a service request by an initiating customer,
establishing the service request using a predetermined setup, such as, for example, a user-to-
network interface setup, and initiating a second predetermined setup, such as, for example, a user-
to-network interface setup, to accept or reject the requested service, wherein multiple service
requests are correlated with respective services to enable at least one appropriate policy and logic.

According to a feature of the invention, a Service Control may request that the initiating
customer initiate the user-to-network interface setup.

According to another feature, if the service request is referred over an ATM network, 
the user-to-network interface setup is redirected from a switching device to a service controller. 

According to an advantage of the invention, the switching device is controlled by a switch 
controller. The switch controller may be integral with the switching device, or, alternatively, the 
switch controller may be integral with the service controller. 

Another advantage of the invention is that the service request may be established using at 
least one of a pushing procedure, a pulling procedure, a query procedure, and a certificate 
procedure. If the certificate procedure is employed, a certificate may establish what service
requests use the user-to-network interface setup. Further, the certificate may specify what setup
parameters are permitted and/or which service allowed the setup. 

If desired, the certificate may be encrypted. In addition, at least one of a sequence number,
a time-stamp, and a date-stamp may be used with the certificate to assist in verifying that a 
certificate is valid. Thus, reuse of a certificate may be prevented. 

Fig. 1 discloses an example ATM SVC Service that can use the present invention,
comprising an initiating SVC service customer 10, a first ATM edge switch 12, an ATM core
switch 14, a second ATM edge switch 16, a terminating SVC service customer 18, a first SVC
service controller 20, a second SVC service controller 22, and a proxy device, such as, for
example, a SVC service policy device 24. However, it is understood that modifications to this
arrangement may be made without departing from the scope and/or spirit of the invention.

Further, while the present invention is being described with reference to a UNI signal, it
is understood that alternative signal protocols may be used without departing from the spirit and/or
scope of the invention.

The SVC customer 10 either initiates or terminates an SVC Service Request using UNI
signaling. The SVC customer 10 may correspond to, for example, an individual subscriber, an
enterprise network, an ISP or a peer network. In addition, an ISDN to ATM gateway may also
act on behalf of an SVC customer. Service policies define the capabilities and resources available
to the customer, and also determine whether a service request succeeds or fails. Example SVC
service capabilities include, but are not limited to, constant bit rate (CBR), real time variable
bit rate (rt-VBR), non-real time variable bit rate (nrt-VBR), unspecified bit rate (UBR), available
bit rate (ABR), calling line identification presentation and restriction (CLIP/CLIR). Example
resources include, but are not limited to, for example, total bandwidth and total number of SVC's.

Fig. 1 illustrates the ATM SVC being implemented with conventional ATM switches that
contain both bearer control and virtual switch control in addition to the switching function, the
structure of which is shown in greater detail in Fig. 2. According to the present invention, the
ATM SVC Service Control (e.g., network service instance control function NSICF) is removed
from a switching device (e.g., ATM edge switch 12 or 16) and placed within a separate physical
controller. In the first embodiment, bearer control and virtual switch control are bundled together
(as a switch controller) with switching as part of a single physical unit, and the NSICF is bundled
separately as the SVC Service Controller. UNI signaling is redirected from the edge switch to the
SVC Service Controller via a permanent virtual circuit. This allows the SVC Service
Controller to apply policy and/or other transformations to UNI setup messages. If the SVC
Service Controller permits a setup, the SVC Service Controller functions as a proxy agent for the
SVC Service Customer, in accordance with, for example, Annex 2 of ATM UNI Signaling
Specification Version 4.0, and issues a UNI setup command to the ATM Edge Switch.

Fig. 2 illustrates a conventional switch. The conventional ATM Edge Switch 12 (or 16) 
comprises a first physical port 26, a virtual switch 28, a second physical port 30, a virtual switch 
controller 32, a bearer controller 34, and a third physical port 36. The first physical port 26
includes a signaling gateway 38 and a logical port 40, while the second physical port 30 includes 
a logical port 42. 

The SVC Service Controller 20 (or 22) includes a first physical port 44, a Network Service 
Instance Control Function (NSICF) 46, and a second physical port 48. 

As shown in Fig. 2, an optional Service Gateway 50 is interfaced between the SVC Service
Controller 20 (or 22) and the policy server 24.

It is noted that the construction and operation of the ATM Edge Switch, the SVC Service
Controller and the Service Gateway is known to those skilled in the art. Thus, a detailed description
of the structure and operation of these elements is omitted. It is further understood that variations
in the construction of the Edge Switch, SVC Service Controller and Service Gateway may be
made without departing from the scope and/or spirit of the invention.

While the invention is described with respect to an ATM SVC service, it is understood that
the invention is not limited to ATM SVC service, but may be utilized with other network services.

In order to implement the ATM SVC Service outside of the conventional switch, a UNI
signaling channel, produced by an SVC Service Customer, is redirected to an SVC Service
Controller by a PVC or S-PVC. An SVC Service Customer may correspond with an individual
subscriber (connected by, but not limited to, for example) an xDSL connection, an ISDN
connection (using, for example, an ISDN to ATM Internetwork gateway), an enterprise network,
an ISP or a peer network. In the disclosed embodiment, policies are stored in the database 24
(e.g., policy server) that is physically separate from an individual Service Controller 20 (or 22).
The database 24 is accessed by a service gateway 52 associated with the Service Gateway 50. The
policy server 24 checks policies of both the calling party and the called party.

While the policy server 24 is shown as being physically separate from the SVC Service
Controllers, it is understood that variations in form, such as, but not limited to, for example,
incorporating the policies in one or more SVC Service Controllers 20 (or 22), may be made
without departing from the spirit and/or scope of the invention.

The present invention discloses the use of a predetermined setup, such as, for example,
UNI version 4.0 proxy, for the purpose of accessing bearer control. As a result, the NSICF 46
terminates the UNI stack. However, it is understood that different protocols (such as, but not 
limited to, UNI version 3.1) may be used for accessing bearer control without departing from the 
scope and/or spirit of the invention. 

Fig. 3 illustrates an example of an ATM Switch, in which the ATM SVC Service is
implemented using a next generation Multiservice Switching Function (MSF) ATM switch 54.
In this regard, elements in this example that correspond to like elements in the first example are
designated with the same element number. Further, a detailed discussion of such elements is not
required.

In the second example, the virtual switch controller 32 and the bearer controller 34 are
removed from the switch and are placed in a separate SVC Service Switch Controller 56, along
with the NSICF 46. Further, UNI signaling passes through the switch 54 and on to the NSICF 46
within the Switch Controller 56. It is noted that for purposes of simplification, Fig. 3 omits
physical paths sp and vsc.

The NSICF 46 applies policy and screening to a UNI setup message based on a calling
party and a called party, a requested service class, etc., via the service feature gateway function.
If the setup message is successful, the NSICF 46 invokes the bearer control function 34 that
resides within the Switch Controller 56 that provides access to the network's SVC capability. The
Signaling Gateway function is placed within the physical port to denote that the UNI signaling
crosses the boundary from customer to network, that it is being redirected via a PVC to the
NSICF; No [...] is applied and the transport of the signaling does not change. The Bearer
Control function 34 is implemented by initiating a PNNI protocol in order
to create a bearer connection across the network. Further, the Logical Port function is accessed
via the virtual switch control function along sp to access this function.

It is noted that in a multiservice environment, service control is not limited to ATM 
SVC's. Other transport devices, such as, but not limited to, for example, Frame relay and IP 
layered on top of ATM, may be used. 

The present invention solves the problem of multiple services sharing the same Network 
Connection Capability while utilizing a common UNI Signaling method. In the following 
discussion, it is assumed that a calling party needs to access different Network Connection 
Capabilities based upon the services the calling party participates in. 

According to the instant invention, service customers access a service using either a
dedicated signaling channel or a signaling network (which may optionally be IP based). During
a service interaction, an ATM SVC Connection must be established between the customers. Thus,
one of the end-systems initiates a UNI setup. Once the UNI initiates the SVC's between the ATM
SVC Service and other Services, the Network Connection Capability correlates the calling party
setup request with the service it belongs to, so that an appropriate policy [...]

The end-systems, the service, and the Network Connection Capability must coordinate
their actions. Specifically, the Network Connection Capability must enable the enforcement of
the service policy and/or logic (e.g., a program module) at least during the initial setup. In
addition, the called party must be able to map an incoming UNI to the appropriate
service/application.

Four procedures are discussed below for enabling enforcement of the service policy and/or
logic, in accordance with the present invention. However, it is understood that the invention is
not limited to the four procedures discussed below, and thus, should not be interpreted as limiting
the scope of the invention; alternative procedures may be employed without departing from the
scope and/or spirit of the invention.

In the first procedure, to be discussed in detail below, the Service downloads (pushes)
policy and/or logic into the Network Connection Capability before it requests the end-user to do
a UNI setup. In the second procedure, to be discussed in detail below, the Network Connection
Capability pulls in policy and/or logic from the Service when it receives a setup or other signaling
message. In the third procedure, to be discussed in detail below, the Network Connection
Capability queries the Service when it receives a setup or other signaling message. In the fourth
procedure, to be discussed below in detail, the Service sends the service customer an encrypted
certificate that allows a setup phase to go through without an interaction between the
Service and the Network Connection Capability.

It is noted that the Network Connection Capability must be able to map the incoming setup
to the corresponding service in the first through third procedures. In the fourth procedure, the
service provides the end-system with a (preferably non-reusable) certificate that allows it to do
the permitted setup. The end-system of the fourth procedure includes the certificate in its setup
message, so that the controller does not have to consult with the service in order to determine
whether to allow the setup. It is noted that while the certificate is preferably encrypted with the
permissions as well as a sequence number, this is not a requirement.

The first procedure will now be described with reference to Fig. 4. In the first procedure,
policy and/or logic is pushed (downloaded) into the Network Connection Capability before it
requests the end-system to do a UNI setup. In accordance with this procedure, the Network
Connection Capability maps the incoming setup to a corresponding service. This requires
encoding a service instance unique ID (s_id), using known techniques, in the setup from the
calling party.

At step 1 (see Fig. 4), a service request is made to a Service Controller 58. The Service
Controller 58 then pushes (step 2) policy and/or logic to control the Network Connection
Capability. Then, in step 3, the Service Control 58 requests that the service customer 10 initiate
a UNI setup containing the s_id. The UNI setup is directed (step 4) from the customer 10 to the
SVC Controller 20 (located within the Network Connection Capability), and contains the s_id.
Since multiple customers may initiate multiple SVC's corresponding to a single service, the s_id
functions to identify the service and the SVC instance for the particular customer.

In step 5, a proxy UNI is sent to the edge switch 12. As a result, PNNI is transmitted
across the network (step 6), which results in the forwarding of a proxy UNI to the SVC Controller
22 (located within the Network Connection Capability) at step 7. Thereafter, step 8 is performed
to initiate UNI to the service customer 18.

In order for the customer to map the incoming UNI setup to an application, either the setup
contains an application identifier or one of the SVC Controller 22 or the Service Control 58 must
alert the service customer 18 of the incoming UNI and its Virtual Path Identifier/Virtual Channel
Identifier (VPI/VCI), which is illustrated in Fig. 4 as step 7.5. If the application identifier and
service identifier are the same, the s_id can be used. However, since this may not be the case, a
different identifier is preferably used.

The second procedure will now be described with reference to Fig. 5. In the second
procedure, the Network Connection Capability pulls in policy and/or logic in a manner similar to
that described in the first procedure.

At step 1 (see Fig. 5), a service request is made to a Service Control 58. At step 2, the
Service Control 58 requests that the service customer 10 initiate a UNI setup containing s_id. The
UNI setup is directed (step 3) from the customer 10 to the SVC Controller 20 (located within the
Network Connection Capability), and contains the s_id. Since multiple customers may initiate
multiple SVC's corresponding to a single service, the s_id functions to identify the service and
the SVC instance for the particular customer. Step 4 is then performed, in which the Network
Connection Capability pulls policy and/or logic from the Service Control 58, which is completed
by the reply provided in step 4.5.

In step 5, a proxy UNI is sent to the edge switch 12. As a result, PNNI is used to do an
SVC across the network (step 6), which results in a proxy UNI to the SVC Controller 22 (located
within the Network Connection Capability) at step 7. Thereafter, step 8 is performed to initiate
UNI to the service customer 18. As in the first procedure, the SVC Controller 22 or the Service
Control 58 alerts (step 7.5) the service customer 18 of the incoming UNI and its VPI/VCI.

The third procedure will now be described. As this procedure is similar to the pull
procedure (e.g., second procedure) described above, the following discussion will only be directed
to the differences.

In the third procedure, an incoming setup message results in a query to an appropriate
service control module. Other queries, based on, for example, mid-call signaling events, can also
be defined. The query procedure includes a query and a response. In the case of a setup, the
response contains information indicating whether the setup should go through, and under what
conditions.

It is noted that in the second and third procedures, the interaction between the Network 
Connection Capability and the Service Control 58 must be timely, in order to avoid a time out
condition. Further, the s_id is needed in the setup that uniquely identifies the service. 

The third procedure differs from the first and second procedures in at least one important
respect. Specifically, in the query procedure, the service is not constrained by the capabilities of
the SVC Controller that interprets service policy and/or logic.

The fourth procedure will now be described with reference to Fig. 6. In the fourth
procedure, multiple services use the same network connection capability under UNI Signaling
without requiring an interaction between the services and the network connection capability. In
accordance with this procedure, the Service Control 58 provides the service customer 10 with a
certificate allowing it to do a permitted setup. The certificate specifies permitted setup
parameters. The service customer 10 includes the certificate in its setup message. In this regard,
it is noted that the network connection capability [...]
58 in order to allow the setup. The certificate uniquely identifies which service allowed the setup,
so that billing and accounting can be properly [...]
parties.

While the following discussion indicates that the certificates are encrypted, it is noted that
the encryption may be omitted without departing from the spirit and/or scope of the invention.
It is also noted that the certificate may contain the permissions and/or a sequence number.
According to the disclosed fourth procedure, certificates are non-reusable. Further, since events
may happen asynchronously, the certificates may not necessarily be used in the order that they are
received.

Each network service (s) has a private key (E.s) that is used to encrypt certificates. For
each encryption key, the network connection capability has a private decryption key (D.s). As a
result, only the network connection capability can read a certificate, and only the network service
can have originally generated the certificate. Further, according to the disclosed procedure, each
certificate is preferably encrypted with a unique sequence number in order to ensure that a
previous certificate is not used again. When the Network Connection Capability decrypts a
certificate, the Network Connection Capability examines the sequence number to determine
whether the certificate has been seen before.

Keeping a record of each and every certificate (with their associated sequence number) that
has been received would require a very large database. In order to minimize the size of this
database, a preferred feature of the fourth procedure is to generate certificates in which
subsequently generated certificates have increasing sequence numbers. As a result, the network
connection capability only needs to keep a limited size history (which changes over time) of
previously seen certificates for each service. In addition, the size of the database that must be
maintained can be further reduced by date-stamping (and/or time-stamping) the certificates in
addition to assigning sequence numbers. If the date-stamped (and/or time-stamped) certificate
exceeds a predetermined delta value (such as, but not limited to, for example, 1 day and/or 1
minute), the certificate (and thus connection request) is rejected.
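
The certificate check described in the two paragraphs above (per-service key, increasing sequence numbers with a limited history, and a time-stamp delta), as an added Python example that is not code from the patent. It substitutes an HMAC-SHA256 tag for the E.s/D.s encryption; the field names, the window size, the 60-second delta and the sample key and permissions are constructed assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 60   # assumed delta value; the text offers "1 day" or "1 minute" as examples
WINDOW = 8       # assumed history size: how far below the highest number we still track
TAG_LEN = 32     # HMAC-SHA256 tag length in bytes


def issue_certificate(key, s_id, seq, issued_at, permitted):
    """Service side: bind permissions, sequence number and time-stamp under one tag."""
    body = json.dumps({"s_id": s_id, "seq": seq, "iat": issued_at,
                       "permitted": permitted}, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ConnectionCapability:
    """Network side: decides on a setup without calling back to the service."""

    def __init__(self, service_keys):
        self.keys = dict(service_keys)
        self.highest = {s: 0 for s in self.keys}    # highest number accepted so far
        self.seen = {s: set() for s in self.keys}   # accepted numbers inside the window

    def check_setup(self, setup, now):
        s_id, cert = setup["s_id"], setup["certificate"]
        key = self.keys.get(s_id)
        if key is None:
            return False, "unknown service"
        body, tag = cert[:-TAG_LEN], cert[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad certificate"
        claims = json.loads(body)
        if claims["s_id"] != s_id:
            return False, "wrong service"
        age = now - claims["iat"]
        if age < 0 or age > MAX_AGE_S:
            return False, "stale"
        seq = claims["seq"]
        # Numbers at or below the window floor are no longer tracked, so refuse them.
        if seq <= self.highest[s_id] - WINDOW:
            return False, "below window"
        if seq in self.seen[s_id]:
            return False, "replay"
        allowed = claims["permitted"]
        if (setup["service_class"] not in allowed["service_classes"]
                or setup["kbps"] > allowed["max_kbps"]):
            return False, "not permitted"
        # Consume the number only once the setup is accepted, then trim the history.
        self.seen[s_id].add(seq)
        self.highest[s_id] = max(self.highest[s_id], seq)
        floor = self.highest[s_id] - WINDOW
        self.seen[s_id] = {n for n in self.seen[s_id] if n > floor}
        return True, "ok"


def demo():
    """Constructed scenario: one service, four certificates issued at t=1000."""
    key = b"constructed-demo-key"
    net = ConnectionCapability({"video": key})
    permitted = {"service_classes": ["CBR", "rt-VBR"], "max_kbps": 2000}
    cert = {n: issue_certificate(key, "video", n, 1000, permitted) for n in (1, 2, 3, 20)}

    def setup(c, kbps=1500):
        return {"s_id": "video", "certificate": c, "service_class": "CBR", "kbps": kbps}

    tampered = cert[3].replace(b"2000", b"9000")    # raise the bandwidth limit in transit
    return [
        net.check_setup(setup(cert[2]), 1010)[1],         # first use
        net.check_setup(setup(cert[1]), 1011)[1],         # out-of-order use is allowed
        net.check_setup(setup(cert[2]), 1012)[1],         # same certificate again
        net.check_setup(setup(tampered, 5000), 1013)[1],  # modified permissions
        net.check_setup(setup(cert[3], 5000), 1014)[1],   # exceeds permitted bandwidth
        net.check_setup(setup(cert[20]), 1020)[1],        # advances the window
        net.check_setup(setup(cert[3]), 1021)[1],         # now older than the history
        net.check_setup(setup(cert[3]), 1100)[1],         # past the delta value
    ]


if __name__ == "__main__":
    print(demo())
```

With a shared HMAC key the network side could also mint certificates, so the text's property that only the network service can have generated a certificate needs an asymmetric signature in place of the tag.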

Referring to Fig. 6, a service request is initially made to a Service Control 58 at step 1.
In response, the Service Control 58 requests (step 2) that the service customer 10 initiate a
certificate and a UNI setup containing s_id. The UNI setup (containing the s_id and certificate)
is directed (step 3) from the customer 10 to the SVC Controller 20 that is located within the
Network Connection Capability.

In step 4, a proxy UNI is sent to the edge switch 12. As a result, PNNI is transmitted
across the network (step 5), which results in a proxy UNI being sent to the SVC Controller 22
(located within the Network Connection Capability) at step 6. As in the first method, the SVC
Controller or the Service Control 58 alerts (step 6.5) the service customer of the incoming UNI
and its VPI/VCI. Thereafter, step 7 is performed to initiate UNI to the service customer 18.

The discussion above illustrates certain procedures for achieving the network connection.
As previously noted, the instant invention is not dependent upon the specific implementation
described above. Consequently, other implementations may be utilized without departing from
the spirit and/or scope of the invention.

It is noted that the push (download) procedure (e.g., the first procedure) allows third party
service providers to be connected by the Internet, whereas the other disclosed procedures may not.
It is further noted that once policy and/or logic is pushed (per the first procedure), it is locally
available to a SVC Controller, where it can be applied in real-time to setup messages, as opposed
to waiting to pull it in (per the second procedure) or querying to a service (per the third
procedure).

Further, the various procedures described above may be combined. For example, the push
procedure may be combined with the query procedure. In such a combination, a setup can operate
to query a service controller which then pushes policy and logic; alternatively (or in addition),
queries can be placed on variables that represent the state of a call.

The foregoing discussion has been provided merely for the purpose of explanation and is
in no way to be construed as limiting of the present invention. While the present invention has
been described with reference to exemplary embodiments, it is understood that the words which
have been used herein are words of description and illustration, rather than words of limitation.
Changes may be made, within the purview of the appended claims, as presently stated and as
amended, without departing from the scope and spirit of the present invention in its aspects.
Although the present invention has been described herein with reference to particular means,
materials and embodiments, the present invention is not intended to be limited to the particulars
disclosed herein; rather, the present invention extends to all functionally equivalent structures,
methods and uses, such as are w
In accordance with
herein are intended for operation as software programs running on a computer processor.
Dedicated hardware implementations including, but not limited to, application specific integrated
circuits, programmable logic arrays and other hardware devices can likewise be constructed to
implement the methods described herein. Furthermore, alternative software implementations
including, but not limited to, distributed processing or component/object distributed processing,
parallel processing, or virtual machine processing can also be constructed to implement the
methods described herein.

It is also noted that the software implementations of the present invention as described
herein are optionally stored on a tangible storage medium, such as: a magnetic medium such as
a disk or tape; a magneto-optical or optical medium such as a disk; or a solid state medium such
as a memory card or other package that houses one or more read-only (non-volatile) memories,
random access memories, or other re-writeable (volatile) memories. A digital file attachment to
e-mail or other self-contained information archive or set of archives is considered a distribution
medium equivalent to a tangible storage medium. Accordingly, the invention is considered to
include a tangible storage medium or distribution medium, as listed herein and including art-recognized
equivalents and successor media, in which the software implementations herein are
stored.

In addition, although the present specification describe
implemented in the embodiments with reference to particular standards and protocols, the
invention is not limited to such standards and protocols. The standards for Internet and other
packet-switched network transmission (e.g., TCP/IP, UDP/IP, HTML, SHTML, DHTML, XML,
PPP, FTP, SMTP, MIME); peripheral control (IrDA; RS232C; USB; ISA; ExCA; PCMCIA); and
public telephone networks (ISDN, ATM, xDSL) represent examples of the state of the art. Such
standards are periodically superseded by faster or more efficient equivalents, having essentially
the same functions. Replacement standards and protocols having the similar functions are
considered equivalents.
We claim:

1. A multiservice switching system, comprising:
a switching device having predetermined functions with respect to a request for a
predetermined service;
a switch controller having a bearer function and a virtual switch function for controlling
said switching device; and
a proxy device containing at least one of service policies and logic related to one of
enabling and denying said predetermined service, in which multiple service requests are correlated
with respective services to enable at least one appropriate policy and logic.

2. The multiservice switching system of claim 1, wherein said switching device and said
switch controller comprise a conventional switch.

3. The multiservice switching system of claim 2, wherein said conventional switch
comprises an ATM Switch.

4. The multiservice switching system of claim 2, wherein said switching device and said
switch controller comprise a next generation switch.

5. The multiservice switching system of claim 1, further
said service controller including said switch controller.

6. The multiservice switching system of claim 1, wherein said switching device includes
said switch controller.

7. A method for switching plural forms of data, comprising:
having an initiating customer request a service;
obtaining predetermined data related to the requested service;
instructing the initiating customer to initiate a predetermined setup identifying the
requested service, when the requested service is permitted;
passing a predetermined signal across a network in response to the predetermined setup;
and
initiating a second predetermined setup, in response to the passed predetermined signal,
to one of accept and reject the requested service, the second predetermined signal being provided
to the initiating customer, in which multiple service requests are correlated with respective
services to enable at least one appropriate policy and logic.

8. The method of claim 7, wherein obtaining comprises pushing the predetermined data.

9. The method of claim 8, wherein the pushing predetermined data comprises pushing at
least one of policy and logic representing at least one of service capabilities and service
permissions.

10. The method of claim 7, wherein obtaining comprises pulling the predetermined data.

11. The method of claim 7, wherein obtaining comprises querying a service control
module for the predetermined data.

12. The method of claim 7, further comprising using a certificate to specify permitted
setup parameters.

13. The method of claim 12, further

14. The method of claim 13, further comprising assigning a sequence number to the
encrypted certificate.

15. The method of claim 12, wherein the certificate further identifies which service
allowed the setup.

16. The method of claim 12, further comprising determining whether the certificate is
valid.

17. The method of claim 12, further comprising preventing reuse of the certificate.

18. The method of claim 17, wherein preventing comprises examining a sequence number
assigned to the certificate to determine whether the sequence number was seen before.

19. The method of claim 17, wherein
time-stamp and a date-stamp to determine whether the at least one of the time-stamp and the
date-stamp exceeds a predetermined delta value.

20. A method for switching plural forms of data, comprising:
initiating a service request by an initiating
establishing the service
initiating a second predetermined setup to one of accept and reject the requested service,
in which multiple service requests are correlated with respective services to enable at least one
appropriate policy and logic.

21. The method of claim 20, wherein establishing the service request comprises using a
pushing procedure.

22. The method of claim 20, wherein establishing the service request comprises using a
pulling procedure.

23. The method of claim 20, wherein establishing the service request comprises using a
query procedure.

24. The method of claim 20, further comprising a Service Control that requests that the
initiating customer initiate a user-to-network interface setup.
25. The method of claim 20, wherein the service request is transferred over an ATM
network, the predetermined setup being redirected from a switching device to a service controller.

26. The method of claim 25, further comprising controlling the switching device with a
switch controller, the switch controller being integral with the switching device.

27. The method of claim 25, further comprising controlling the switching device with a
switch controller, the switch controller being integral with the service controller.

28. The method of claim 20, wherein establishing further comprises including a certificate
for establishing the service request using the predetermined setup.

29. The method of claim 28, wherein the certificate specifies permitted setup parameters.

30. The method of claim 28, further comprising encrypting the certificate.

31. The method of claim 30, further comprising assigning a sequence number to the
encrypted certificate.

32. The method of claim 28, wherein the certificate further identifies which service
allowed the setup.

33. The method of claim 28, further comprising determining whether the certificate is
valid.

34. The method of claim 28, further comprising preventing reuse of the certificate.

35. The method of claim 34, wherein preventing comprises examining a sequence number
assigned to the certificate to determine whether the sequence number was previously examined.

36. The method of claim 34, wherein preventing comprises examining at least one of a
time-stamp and a date-stamp to determine whether the at least one of the time-stamp and the
date-stamp exceeds a predetermined delta value.

37. The method of claim 7, wherein the predetermined setup comprises a UNI setup, the
predetermined signal comprises a PNNI pro
a second UNI setup.

38. The method of claim 20, wherein the predetermined setup comprises a user-to-network
interface setup.
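
The certificate checks recited in claims 12 to 19 and 28 to 36 (validity, permitted setup parameters, and reuse prevention by sequence number and time-stamp delta) are shown below as an added example, not code from the patent. The field names other than s_id, the HMAC-SHA256 tag standing in for the patent's encrypted certificate, the demo key, and the 30-second delta are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed value; provisioned out of band in practice
MAX_AGE_S = 30                  # the "predetermined delta value" (assumed: 30 seconds)


def issue(s_id, service, seq, issued_at, permitted):
    """Service side: bind the permitted setup parameters into a certificate."""
    body = json.dumps({"s_id": s_id, "service": service, "seq": seq,
                       "issued_at": issued_at, "permitted": permitted},
                      sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(KEY, body, hashlib.sha256).hexdigest()}


class SetupVerifier:
    """Controller side: validity, freshness and single-use checks for a setup."""

    def __init__(self):
        self.seen = {}   # (service, seq) -> issued_at of certificates already used

    def check(self, cert, setup, now):
        expected = hmac.new(KEY, cert["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cert["tag"]):
            return "reject: invalid certificate"
        c = json.loads(cert["body"])
        if abs(now - c["issued_at"]) > MAX_AGE_S:
            return "reject: time-stamp outside delta"
        # Entries older than the delta can be dropped: the time-stamp check above
        # already rejects them, so the replay table stays bounded (assumes the
        # controller clock does not run backwards).
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_AGE_S}
        key = (c["service"], c["seq"])
        if key in self.seen:
            return "reject: sequence number seen before"
        if setup.get("s_id") != c["s_id"]:
            return "reject: s_id mismatch"
        for name, value in setup.items():
            if name != "s_id" and value not in c["permitted"].get(name, []):
                return "reject: parameter %s not permitted" % name
        self.seen[key] = c["issued_at"]   # consume only after every check passes
        return "accept"
```

The sequence-number table only has to remember certificates younger than the delta, which is why the two reuse checks are used together.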